Skip to content

Commit 0f37872

Browse files
theagenticguyclaude
andcommitted
fix: address PR review feedback for aws-observability plugin
- Replace wildcard IAM permissions with least-privilege read-only actions in SKILL.md (Copilot review comment awslabs#5) - Add missing `| limit 100` to Performance Analysis query example in SKILL.md (Copilot review comment awslabs#4) - Fix DynamoDB Throttles alarm pattern to use ReadThrottleEvents / WriteThrottleEvents instead of UserErrors (Copilot review comment awslabs#3) - Fix lookup_events example to use 90-day window matching API limits (Copilot review comment awslabs#1) - Remove orphaned pattern numbering ("Pattern 2/3/4" with no Pattern 1) in security-auditing.md (Copilot review comment awslabs#2) - Replace all "steering file" terminology with "reference" across all 8 reference files for consistency with plugin conventions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a4cf8d0 commit 0f37872

9 files changed

Lines changed: 31 additions & 30 deletions

File tree

plugins/aws-observability/skills/aws-observability/SKILL.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,12 +12,12 @@ Comprehensive AWS observability platform combining monitoring, troubleshooting,
1212
1. **AWS CLI configured** with credentials (`aws configure` or `~/.aws/credentials`)
1313
2. **Python 3.10+** and `uv` installed
1414
3. **Application Signals enabled** in your AWS account when applicable
15-
4. **Required AWS Permissions**:
16-
- `cloudwatch:*` for CloudWatch Metrics and Alarms
17-
- `logs:*` for CloudWatch Logs operations
18-
- `xray:*` for distributed tracing
19-
- `cloudtrail:*` for CloudTrail queries
20-
- `application-signals:*` for Application Signals
15+
4. **Required AWS Permissions** (read-only, least-privilege):
16+
- **CloudWatch Metrics & Alarms**: `cloudwatch:GetMetricData`, `cloudwatch:GetMetricStatistics`, `cloudwatch:ListMetrics`, `cloudwatch:DescribeAlarms`, `cloudwatch:DescribeAlarmsForMetric`, `cloudwatch:DescribeAlarmHistory`, `cloudwatch:DescribeAnomalyDetectors`
17+
- **CloudWatch Logs**: `logs:DescribeLogGroups`, `logs:DescribeLogStreams`, `logs:GetLogEvents`, `logs:FilterLogEvents`, `logs:StartQuery`, `logs:StopQuery`, `logs:GetQueryResults`, `logs:DescribeQueries`
18+
- **X-Ray**: `xray:BatchGetTraces`, `xray:GetTraceSummaries`, `xray:GetTraceGraph`, `xray:GetServiceGraph`, `xray:GetTimeSeriesServiceStatistics`
19+
- **CloudTrail**: `cloudtrail:LookupEvents`, `cloudtrail:DescribeTrails`, `cloudtrail:GetTrail`, `cloudtrail:ListTrails`, `cloudtrail:GetEventSelectors`
20+
- **Application Signals**: `application-signals:GetService`, `application-signals:ListServices`, `application-signals:ListServiceOperations`, `application-signals:GetServiceLevelObjective`, `application-signals:ListServiceLevelObjectives`, `application-signals:BatchGetServiceLevelObjectiveBudgetReport`
2121
- `synthetics:GetCanary`, `synthetics:GetCanaryRuns` for canary analysis
2222
- `s3:GetObject`, `s3:ListBucket` for canary artifacts
2323
- `iam:GetRole`, `iam:ListAttachedRolePolicies`, `iam:GetPolicy`, `iam:GetPolicyVersion` for enablement guides
@@ -134,6 +134,7 @@ stats count() as requestCount,
134134
by endpoint
135135
| filter requestCount > 10
136136
| sort p95Duration desc
137+
| limit 100
137138
```
138139

139140
### Error Rate Over Time

plugins/aws-observability/skills/aws-observability/references/alerting-setup.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
## Purpose
44

5-
This steering file provides guidance for setting up effective CloudWatch alarms using recommended configurations and best practices.
5+
This reference provides guidance for setting up effective CloudWatch alarms using recommended configurations and best practices.
66

77
## Core Concepts
88

@@ -171,18 +171,18 @@ Rationale:
171171
**Recommended Configuration**:
172172

173173
```
174-
Metric: AWS/DynamoDB - UserErrors
174+
Metric: AWS/DynamoDB - ReadThrottleEvents / WriteThrottleEvents
175175
Statistic: Sum
176-
Threshold: > 10 errors
176+
Threshold: > 10 throttle events
177177
Evaluation Period: 1 minute
178178
Datapoints to Alarm: 2 out of 2
179179
Treat Missing Data: notBreaching
180180
181181
Rationale:
182-
- Sum is correct for error counts
183-
- 10 errors indicates capacity issue
182+
- Sum is correct for throttle event counts
183+
- 10 throttle events indicates a capacity or hot-partition issue
184184
- 1-minute periods for quick detection
185-
- 2 out of 2 confirms sustained throttling
185+
- 2 out of 2 confirms sustained throttling, not a single spike
186186
```
187187

188188
## Composite Alarms

plugins/aws-observability/skills/aws-observability/references/application-signals-setup.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Application Signals Setup and Enablement Guide
22

3-
This steering file provides comprehensive guidance for setting up AWS Application Signals using the plugin's enablement guide feature.
3+
This reference provides comprehensive guidance for setting up AWS Application Signals using the plugin's enablement guide feature.
44

55
## Quick Start: Get Enablement Guide
66

plugins/aws-observability/skills/aws-observability/references/cloudtrail-data-source-selection.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,9 @@
22

33
## Purpose
44

5-
This is a utility guide referenced by `security-auditing.md` and other steering files for CloudTrail data access priority logic. It is not intended to be loaded directly in response to user queries. For CloudTrail security analysis, use `security-auditing.md` instead.
5+
This is a utility guide referenced by `security-auditing.md` and other reference files for CloudTrail data access priority logic. It is not intended to be loaded directly in response to user queries. For CloudTrail security analysis, use `security-auditing.md` instead.
66

7-
This steering file defines the priority order for accessing CloudTrail audit data across different AWS services. It ensures the agent always uses the most efficient and comprehensive data source available.
7+
This reference defines the priority order for accessing CloudTrail audit data across different AWS services. It ensures the agent always uses the most efficient and comprehensive data source available.
88

99
## Data Source Priority
1010

@@ -339,7 +339,7 @@ This priority-based approach ensures:
339339
- Graceful fallback to available alternatives
340340
- Clear guidance for users on capabilities
341341
- Cost optimization through appropriate tool selection
342-
- Consistent behavior across all steering files
342+
- Consistent behavior across all reference files
343343

344344
---
345345

plugins/aws-observability/skills/aws-observability/references/incident-response.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
## Purpose
44

5-
This steering file provides comprehensive guidance for responding to incidents and troubleshooting issues using the full AWS observability stack.
5+
This reference provides comprehensive guidance for responding to incidents and troubleshooting issues using the full AWS observability stack.
66

77
## Incident Response Framework
88

plugins/aws-observability/skills/aws-observability/references/log-analysis.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
# CloudWatch Logs Insights Analysis Steering
1+
# CloudWatch Logs Insights Analysis
22

33
## Purpose
44

5-
This steering file provides guidance for using CloudWatch Logs Insights QL syntax for log analysis, troubleshooting, and data extraction via the CloudWatch MCP server.
5+
This reference provides guidance for using CloudWatch Logs Insights QL syntax for log analysis, troubleshooting, and data extraction via the CloudWatch MCP server.
66

77
## MCP Server Tools
88

plugins/aws-observability/skills/aws-observability/references/observability-gap-analysis.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
# Codebase Observability Gap Analysis Steering
1+
# Codebase Observability Gap Analysis
22

33
## Purpose
44

5-
This steering file provides guidance for analyzing codebases across major programming languages to identify observability gaps and provide actionable recommendations for instrumentation, logging, metrics, and tracing.
5+
This reference provides guidance for analyzing codebases across major programming languages to identify observability gaps and provide actionable recommendations for instrumentation, logging, metrics, and tracing.
66

77
## Analysis Framework
88

plugins/aws-observability/skills/aws-observability/references/performance-monitoring.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
# Application Signals Performance Monitoring Steering
1+
# Application Signals Performance Monitoring
22

33
## Purpose
44

5-
This steering file provides guidance for using AWS CloudWatch Application Signals to monitor application performance, health, and dependencies.
5+
This reference provides guidance for using AWS CloudWatch Application Signals to monitor application performance, health, and dependencies.
66

77
## Application Signals Overview
88

plugins/aws-observability/skills/aws-observability/references/security-auditing.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
# CloudTrail Security Auditing Steering
1+
# CloudTrail Security Auditing
22

33
## Purpose
44

5-
This steering file provides guidance for accessing and analyzing CloudTrail audit data for security auditing, compliance monitoring, and governance analysis.
5+
This reference provides guidance for accessing and analyzing CloudTrail audit data for security auditing, compliance monitoring, and governance analysis.
66

77
## Prerequisites and Data Source Selection
88

@@ -36,7 +36,7 @@ If neither CloudTrail Lake nor CloudWatch Logs available:
3636

3737
**See `cloudtrail-data-source-selection.md` for detailed decision tree and implementation workflow.**
3838

39-
## When to Load This Steering
39+
## When to Load This Reference
4040

4141
Load this when the user needs to:
4242

@@ -194,7 +194,7 @@ lookup_events(
194194
'AttributeValue': 'DeleteBucket'
195195
}
196196
],
197-
StartTime='2024-01-01T00:00:00Z',
197+
StartTime='2024-10-01T00:00:00Z', # Must be within 90 days
198198
EndTime='2024-12-31T23:59:59Z',
199199
MaxResults=50
200200
)
@@ -207,7 +207,7 @@ lookup_events(
207207
- Basic filtering capabilities
208208
- No SQL or complex query support
209209

210-
#### Pattern 2: Security Incident Investigation
210+
#### Security Incident Investigation
211211

212212
```
213213
# 1. Identify suspicious activity (failed access attempts)
@@ -230,7 +230,7 @@ fields eventTime, eventName, userIdentity.userName, requestParameters
230230
| limit 50
231231
```
232232

233-
#### Pattern 3: Compliance Audit
233+
#### Compliance Audit
234234

235235
```
236236
# 1. List all IAM changes
@@ -253,7 +253,7 @@ fields eventTime, eventName, userIdentity.userName, requestParameters, responseE
253253
| limit 100
254254
```
255255

256-
#### Pattern 4: Resource Change Tracking
256+
#### Resource Change Tracking
257257

258258
```
259259
# 1. Find specific resource changes (replace with actual resource ARN)

0 commit comments

Comments
 (0)